A restricted shell is a Unix shell that has been modified to allow the Unix shell user to do fewer things than a normal shell would allow him to do. It may allow the user to run only certain programs. It may stop the user from changing directories. Many sites run their own restricted shells to allow limited use of their systems over the Internet. Restricted shells often make use of the restricted shell (rsh).

On poorly implemented restricted shells, the shell user can break out of the restricted environment by running a program that features a shell function. A good example of a shell function is provided by vi.

The restricted shell user could start vi and then use this command:

:set shell=/bin/sh

then shell using this command:

:shell

Many menu based restricted shells will allow the restricted shell user to configure his user environment, or to run programs that allow the restricted shell user to configure his user
environment.

To find weaknesses in your restricted shell system, check for configuration options that refer to executable programs. If the program lets the Unix shell user define an editor, for example, the user may try to
set escape the restricted shell by setting his editor to “/bin/csh -i -f”

If the Unix shell user are not allowed to read files, the restriced shell user may try to open them inside an e-mail program.

If the Unix shell user are not allowed to edit files, the restriced shell user may try to save that to file from an e-mail program.

If your restricted shell prevents the restricted shell user from using the “cd” command, the restriced shell user may try to FTP into his account and change directories.

FTP poses another risk to restricted shells if it can aso be used to edit a file by getting the file, editing it offline, and putting the edited file back online.